Hi Margaret,
Please find the steps below to do the same.
The Log to a Syslog Server response rule action logs the incident to a syslog server. These logs can be useful if you use a Security Information and Events Management (SIEM) system.
This response rule action is available for all types of detection servers.
You must integrate the Enforce Server with the syslog server to implement this response rule action.
To configure the Log to a Syslog Server response rule action:
- Configure a response rule at the Configure Response Rule screen.
- Add the Log to a Syslog Server action type from the Actions list.
- Enter the Host name of the syslog server.
- Edit the Port for the syslog server, if necessary.
  The default port is 514.
- Enter the text of the Message to log on the syslog server.
- Select the Level to apply to the log message from the drop-down list.
  The following options are available:
  0 - Kernel panic
  1 - Needs immediate attention
  2 - Critical condition
  3 - Error
  4 - Warning
  5 - May need attention
  6 - Informational
  7 - Debugging
- Save the response rule.
See Manage response rules.
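
To check on the receiving side that the configured Level arrives as expected, the following added example (not part of the original post and not vendor code) decodes the syslog priority header and maps it to the level names listed above. It assumes UDP transport and the standard `<PRI>` header (facility * 8 + level); the test port 5514 and the sample message are constructed for illustration.

```python
import re
import socket

# Level names as listed in the response rule's Level drop-down.
LEVELS = {
    0: "Kernel panic",
    1: "Needs immediate attention",
    2: "Critical condition",
    3: "Error",
    4: "Warning",
    5: "May need attention",
    6: "Informational",
    7: "Debugging",
}

# Standard syslog header: "<PRI>", where PRI = facility * 8 + level (0..191).
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_datagram(data: bytes):
    """Return (facility, level, level_name, message), or None if the PRI is invalid."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        return None
    facility, level = divmod(int(m.group(1)), 8)
    message = data[m.end():].decode("utf-8", errors="replace").rstrip("\r\n")
    return facility, level, LEVELS[level], message


def listen(host="0.0.0.0", port=5514, max_level=7):
    """Print messages whose level is <= max_level (lower number = more severe)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (src, _) = sock.recvfrom(8192)
            decoded = decode_datagram(data)
            if decoded is None:
                print(f"{src}: malformed datagram {data[:40]!r}")
            elif decoded[1] <= max_level:
                facility, level, name, message = decoded
                print(f"{src}: facility={facility} level={level} ({name}) {message}")


if __name__ == "__main__":
    # Constructed sample: facility 16, level 4, hypothetical message text.
    sample = b"<132>DLP incident: policy violation detected\n"
    print(decode_datagram(sample))
    # listen()  # assumption: the rule's Port field is set to 5514 for the test
```
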